In WordPress prior to 4.9.9 and 5.x prior to 5.0.1, the user-activation page could be read by a search engine's web crawler if an unusual configuration were chosen. The search engine could then index and display a user's e-mail address and (rarely) the password that was generated by default.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
wordpress wordpress |
||
debian debian linux 9.0 |
||
debian debian linux 8.0 |